def process_login():
    """Handle a submitted login form for the supplier-facing pages.

    The credentials are checked through ``data_api_client`` and the user is
    signed in only when the returned account carries the 'supplier' role.

    Returns:
        A redirect after a successful login; otherwise the login page
        re-rendered with status 403 (role check failed) or 400 (form did
        not validate).
    """
    login_form = LoginForm()
    next_url = request.args.get('next')
    template_data = main.config['BASE_TEMPLATE_DATA']

    if not login_form.validate_on_submit():
        return render_template(
            "auth/login.html",
            form=login_form,
            next=next_url,
            **template_data), 400

    api_response = data_api_client.authenticate_user(
        login_form.email_address.data,
        login_form.password.data)

    if not user_has_role(api_response, 'supplier'):
        # Every rejected response gets the same 'no_account' flash and 403.
        # Presumably that includes failed authentication as well as a wrong
        # role -- confirm against authenticate_user's return value.
        # The failure log entry records the submitted email address.
        current_app.logger.info(
            "login.fail: " "Failed to log in: %s",
            login_form.email_address.data)
        flash("no_account", "error")
        return render_template(
            "auth/login.html",
            form=login_form,
            next=next_url,
            **template_data), 403

    login_user(User.from_json(api_response))

    # `next` is taken from the query string, so it is followed only when it
    # is a path beginning with '/suppliers'; anything else lands on the
    # dashboard. NOTE(review): this is a bare prefix match, so a path such
    # as '/suppliersX' passes too -- confirm that is intended.
    follow_next = bool(next_url) and next_url.startswith('/suppliers')
    destination = next_url if follow_next else url_for('.dashboard')
    return redirect(destination)
def process_login():
    """Handle a submitted login form for the admin pages.

    The credentials are checked through ``data_api_client`` and the user is
    signed in only when the returned account carries the 'admin' role.

    Returns:
        A redirect after a successful login; otherwise the login page
        re-rendered with status 403 (role check failed) or 400 (form did
        not validate).
    """
    next_url = request.args.get('next')
    login_form = LoginForm()

    if not login_form.validate_on_submit():
        # The 400 re-render is not given `next`; only the 403 one is.
        return render_template(
            'login.html',
            **get_template_data(form=login_form)
        ), 400

    # supplier=False is forwarded unchanged; its meaning is defined by the
    # API client, not by this function.
    api_response = data_api_client.authenticate_user(
        login_form.email_address.data,
        login_form.password.data,
        supplier=False)

    if not user_has_role(api_response, 'admin'):
        # The failure log entry records the submitted email address.
        current_app.logger.info(
            "login.fail: Failed to log in: %s",
            login_form.email_address.data)
        flash('no_account', 'error')
        return render_template(
            'login.html',
            **get_template_data(form=login_form, next=next_url)
        ), 403

    login_user(User.from_json(api_response))

    # `next` is taken from the query string, so it is followed only when it
    # is a path beginning with '/admin'; anything else goes to the index.
    # NOTE(review): bare prefix match -- '/adminX' passes too; confirm.
    if not next_url or not next_url.startswith('/admin'):
        return redirect(url_for('.index'))
    return redirect(next_url)
def process_login():
    """Authenticate an admin login submission and sign the user in.

    A user is logged in only when the account returned by
    ``data_api_client.authenticate_user`` passes the 'admin' role check.

    Returns:
        A redirect on success, or the login page with status 403 when the
        role check fails and 400 when the form does not validate.
    """
    next_url = request.args.get('next')
    submitted = LoginForm()

    if not submitted.validate_on_submit():
        # The 400 re-render is not given `next`; only the 403 one is.
        invalid_page = render_template(
            'login.html', **get_template_data(form=submitted))
        return invalid_page, 400

    email = submitted.email_address
    password = submitted.password
    # supplier=False is forwarded unchanged; its meaning is defined by the
    # API client, not by this function.
    account = data_api_client.authenticate_user(
        email.data, password.data, supplier=False)

    if not user_has_role(account, 'admin'):
        # The failure log entry records the submitted email address.
        failure_format = "login.fail: Failed to log in: %s"
        current_app.logger.info(failure_format, submitted.email_address.data)
        flash('no_account', 'error')
        denied_page = render_template(
            'login.html',
            **get_template_data(form=submitted, next=next_url))
        return denied_page, 403

    signed_in = User.from_json(account)
    login_user(signed_in)

    # Only a query-string `next` that starts with '/admin' is followed, which
    # keeps the post-login redirect on this site's own paths; everything else
    # goes to the index. NOTE(review): bare prefix match -- confirm that
    # paths like '/adminX' are acceptable targets.
    stays_in_admin = bool(next_url) and next_url.startswith('/admin')
    return redirect(next_url if stays_in_admin else url_for('.index'))
def process_login():
    """Handle a login submission for assessor and admin accounts.

    The user is signed in only when the account returned by
    ``data_api_client.authenticate_user`` holds at least one of the
    permitted roles listed below.

    Returns:
        A redirect on success, or the login page with status 403 when no
        permitted role matches and 400 when the form does not validate.
    """
    permitted_roles = [
        'assessor',
        'admin',
        'admin-ccs-category',
        'admin-ccs-sourcing',
    ]
    next_url = request.args.get('next')
    # NOTE(review): the form is built from request.form and checked with
    # validate(); whether a CSRF token is enforced depends on LoginForm's
    # base class, which is not visible here -- confirm.
    login_form = LoginForm(request.form)

    if not login_form.validate():
        # The 400 re-render is not given `next`; only the 403 one is.
        return render_template('login.html', form=login_form), 400

    api_response = data_api_client.authenticate_user(
        login_form.email_address.data,
        login_form.password.data)

    role_ok = any(
        user_has_role(api_response, role) for role in permitted_roles)
    if not role_ok:
        # The failure log entry records the submitted email address.
        current_app.logger.info(
            "login.fail: Failed to log in: %s",
            login_form.email_address.data)
        flash('no_account', 'error')
        return render_template(
            'login.html', form=login_form, next=next_url), 403

    login_user(User.from_json(api_response))
    # Success is logged without any user identifier, unlike the failure entry.
    current_app.logger.info('login.success')

    # `next` is taken from the query string, so it is followed only when it
    # is a path beginning with '/admin'; anything else goes to the index.
    # NOTE(review): bare prefix match -- '/adminX' passes too; confirm.
    if not next_url or not next_url.startswith('/admin'):
        return redirect(url_for('.index'))
    return redirect(next_url)
def process_login():
    """Handle a login submission for the admin role family.

    The user is signed in only when the account returned by
    ``data_api_client.authenticate_user`` holds one of 'admin',
    'admin-ccs-category' or 'admin-ccs-sourcing'.

    Returns:
        A redirect on success, or the login page with status 403 when no
        permitted role matches and 400 when the form does not validate.
    """
    next_url = request.args.get('next')
    # NOTE(review): the form is built from request.form and checked with
    # validate(); whether a CSRF token is enforced depends on LoginForm's
    # base class, which is not visible here -- confirm.
    submitted = LoginForm(request.form)

    if not submitted.validate():
        # The 400 re-render is not given `next`; only the 403 one is.
        return render_template('login.html', form=submitted), 400

    account = data_api_client.authenticate_user(
        submitted.email_address.data,
        submitted.password.data
    )

    admin_roles = ['admin', 'admin-ccs-category', 'admin-ccs-sourcing']
    if not any(user_has_role(account, role) for role in admin_roles):
        # The failure log entry records the submitted email address.
        failure_format = "login.fail: Failed to log in: %s"
        current_app.logger.info(failure_format, submitted.email_address.data)
        flash('no_account', 'error')
        return render_template(
            'login.html', form=submitted, next=next_url), 403

    signed_in = User.from_json(account)
    login_user(signed_in)
    # Success is logged without any user identifier, unlike the failure entry.
    current_app.logger.info('login.success')

    # Only a query-string `next` that starts with '/admin' is followed, which
    # keeps the post-login redirect on this site's own paths; everything else
    # goes to the index. NOTE(review): bare prefix match -- confirm that
    # paths like '/adminX' are acceptable targets.
    stays_in_admin = bool(next_url) and next_url.startswith('/admin')
    return redirect(next_url if stays_in_admin else url_for('.index'))
def test_user_has_role_returns_false_on_none():
    """A None payload must not satisfy a role check."""
    granted = user_has_role(None, 'admin')
    assert not granted
def test_user_has_role_returns_false_on_non_matching_role():
    """An 'admin' account must not pass a check for the 'supplier' role."""
    admin_payload = {'users': {'role': 'admin'}}
    granted = user_has_role(admin_payload, 'supplier')
    assert not granted
def test_user_has_role():
    """A payload whose role equals the requested role passes the check."""
    admin_payload = {'users': {'role': 'admin'}}
    granted = user_has_role(admin_payload, 'admin')
    assert granted
def test_user_has_role_returns_false_on_invalid_json():
    """A payload without the expected 'users' structure is rejected."""
    malformed_payload = {'in': 'valid'}
    granted = user_has_role(malformed_payload, 'admin')
    assert not granted
def test_user_has_role_returns_false_on_invalid_json():
    """A payload lacking the 'users' structure must fail the role check."""
    unexpected_shape = {"in": "valid"}
    outcome = user_has_role(unexpected_shape, "admin")
    assert not outcome
def test_user_has_role():
    """The check succeeds when the payload's role is the one requested."""
    payload = {"users": {"role": "admin"}}
    outcome = user_has_role(payload, "admin")
    assert outcome
def test_user_has_role_returns_false_on_non_matching_role():
    """Holding 'admin' must not satisfy a check for 'supplier'."""
    payload = {"users": {"role": "admin"}}
    outcome = user_has_role(payload, "supplier")
    assert not outcome